Shared responsibility models are important for effective
security in computing. Security and compliance are
everyone’s responsibility and not only something
delivered only by the IT group.
For cloud computing, cloud service providers (CSPs)
provide some security protection. However, that doesn’t
mean that cloud data is fully secure. CSPs correctly point
out that the responsibility isn’t theirs alone, hence the
concept of the Cloud Security Shared Responsibility
Model. Microsoft, for example, publishes their model for
their cloud computing resource, Azure. Amazon has a
similar approach for Amazon Web Services (AWS). Both
of these models point out that a secure infrastructure
relies on the customer playing their part to make the
system truly secure and compliant.
This paper acknowledges the work delivered by
Microsoft and Amazon (and others) and takes those
models as an initial basis, but goes into more depth
on the responsibilities of the end-user community (the
enterprise itself, the information and IT security teams,
and the users). Cloud data can only be safeguarded if
security features are well understood, switched on, and
properly configured at the outset. This 360˚ Shared
Responsibility Model considers who is responsible for
cloud configurations, data flow between different cloud
services, collaboration, access and device controls, and
Every row in the model highlights a different set of
possible risks, and every row needs attention to ensure
complete security. If an enterprise addresses many rows,
but not all, or assumes that someone else is responsible
for all security, then security is compromised.
Download the full report today by clicking on the button to the right-hand side.